Re: [opensuse-security] ssh-ing to an old suse.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El 2007-11-19 a las 21:26 +0100, Lars Grobe escribió:
Did you try to force to a different version (-1 and -2)?
Good luck... Lars.
Nop. With "-2" in the client the result is the same as previously. With "-1" is a bit different, but it fails all the same: cer@nimrodel:~/.ssh> ssh -1 -vv cer@telperion.valinor OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug1: Reading configuration data /home/cer/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to telperion.valinor [192.168.1.11] port 22. debug1: Connection established. debug1: identity file /home/cer/.ssh/identity type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2 debug1: match: OpenSSH_2.9p2 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1* debug1: Local version string SSH-1.5-OpenSSH_4.6 debug2: fd 3 setting O_NONBLOCK debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug2: no key of type 1 for host telperion.valinor WARNING: DSA key found for host telperion.valinor in /home/cer/.ssh/known_hosts:13 DSA key fingerprint 67:cd:35:af:9e:39:40:1d:d7:75:f0:49:d7:ee:e4:70. The authenticity of host 'telperion.valinor (192.168.1.11)' can't be established but keys of different type are already known for this host. RSA1 key fingerprint is 5a:61:97:80:74:57:aa:38:ce:94:aa:d1:43:80:e4:7a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'telperion.valinor,192.168.1.11' (RSA1) to the list of known hosts. debug1: Encryption type: 3des debug1: Sent encrypted session key. debug2: cipher_init: set keylen (16 -> 32) debug2: cipher_init: set keylen (16 -> 32) debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. And there it stops. The server side log says (hand copied): ... starting up PAM with username "cer" PAM setting rhost to "nimrodel.valinor" Attempting authentication for cer. and it stops till I close the connection, no login.
- -- Saludos Carlos E.R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHQfSVtTMYHG2NR9URAgIpAJ90MCNwtHQ1S2iXWX+/OxfJgEDR0gCeLxv4 wGSUDbYoiRaBKZHbXb5LG6M= =Zj+0 -----END PGP SIGNATURE-----
-----Original Message----- From: Carlos E. R. <robin.listas@telefonica.net> To: OpenSuSE Security List <opensuse-security@opensuse.org> Sent: Mon, 19 Nov 2007 3:39 pm Subject: Re: [opensuse-security] ssh-ing to an old suse. El 2007-11-19 a las 21:26 +0100, Lars Grobe escribió:
Did you try to force to a different version (-1 and -2)?
Hi Carlos: Did you try "-v" three(3) times ??? If not, try it as the man page for ssh says that each -v ( verbose) will give more debug info than the last --- up to a max of three times ! Good luck Gar -- ________________________________________________________________________ Check Out the new free AIM(R) Mail -- Unlimited storage and industry-leading spam and email virus protection. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-11-19 at 16:04 -0500, garulbricht7@netscape.net wrote:
Hi Carlos:
Did you try "-v" three(3) times ???
Nop. Didn't occur to me.
If not, try it as the man page for ssh says that each -v ( verbose) will give more debug info than the last --- up to a max of three times !
Let's try - the end is similar: ... debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 122/256 debug2: bits set: 505/1026 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/cer/.ssh/known_hosts debug3: check_host_in_hostfile: match line 13 debug3: check_host_in_hostfile: filename /home/cer/.ssh/known_hosts debug3: check_host_in_hostfile: match line 13 debug1: Host 'telperion.valinor' is known and matches the DSA host key. debug1: Found key in /home/cer/.ssh/known_hosts:13 debug2: bits set: 500/1026 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received With -1 it ends earlier: cer@nimrodel:~/.ssh> ssh -1 -vvv cer@telperion.valinor OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug1: Reading configuration data /home/cer/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to telperion.valinor [192.168.1.11] port 22. debug1: Connection established. debug1: identity file /home/cer/.ssh/identity type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2 debug1: match: OpenSSH_2.9p2 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1* debug1: Local version string SSH-1.5-OpenSSH_4.6 debug2: fd 3 setting O_NONBLOCK debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug3: check_host_in_hostfile: filename /home/cer/.ssh/known_hosts debug3: check_host_in_hostfile: match line 27 debug3: check_host_in_hostfile: filename /home/cer/.ssh/known_hosts debug3: check_host_in_hostfile: match line 27 debug1: Host 'telperion.valinor' is known and matches the RSA1 host key. debug1: Found key in /home/cer/.ssh/known_hosts:27 debug1: Encryption type: 3des debug1: Sent encrypted session key. debug2: cipher_init: set keylen (16 -> 32) debug2: cipher_init: set keylen (16 -> 32) debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHQhm8tTMYHG2NR9URAuSrAJsEunSGmUigDthJsTGhZU5D6CxIpwCffpGA njq9SRGIliUERW0gMOEQWpk= =0FdC -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (2)
-
Carlos E. R. -
garulbricht7@netscape.net